1. Field of the Invention
The present invention relates generally to a method and apparatus for security domain management in a trusted execution environment, and more particularly, to a method and an apparatus for controlling a communication between the security domains.
2. Description of the Related Art
A current GlobalPlatform™ standard 1.0 defines a Trusted Execution Environment (TEE).
FIG. 1 is a diagram illustrating an example of a TEE management structure.
Referring to FIG. 1, the TEE defined by the standard specifies a configuration of a security domain within the TEE to assign a security right, and manage a life cycle of trusted applications according to the assigned security right. Each security domain is strictly isolated, and is configured in such a manner to prevent the mutual exchange of information.
The security domain represents each managing entity within a terminal, and may be configured in several ways. A typical approach is that an application mounted in the TEE executes functions on behalf of a remote rights holder. In this case, when manufacturing a terminal, a terminal manufacturer may implement a built-in security domain application in the terminal, so that a lifecycle (e.g., lock, unlock, update, etc.) of the TEE and other security domains may be managed by using the built-in security domain application.
A trusted application provider enables a security domain to be controlled under management of a specific domain or a root domain. Accordingly, when a service, such as a user terminal change or a security domain migration by a security domain manager, is performed, ally domains (i.e., a domain defined as having an association relationship with a corresponding domain) may not be able to perform a necessary service as they are not able to recognize the service.